Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1yZm0yLWY5NGotcWhqcM4AA7Om
OpenStack Storlets arbitrary code execution vulnerability
An issue in OpenStack Storlets yoga-eom allows a remote attacker to execute arbitrary code via the gateway.py component.
Permalink: https://github.com/advisories/GHSA-rfm2-f94j-qhjpJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yZm0yLWY5NGotcWhqcM4AA7Om
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 7 months ago
Updated: 5 months ago
CVSS Score: 7.8
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-rfm2-f94j-qhjp, CVE-2024-28717
References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-28717
- https://bugs.launchpad.net/storlets/+bug/2047723
- https://gist.github.com/Fewword/f098d8d6375ac25e27b18c0e57be532f
- https://github.com/openstack/storlets/commit/5ad58804af885db3eb7a78bea5000c401eeeb70e
- https://github.com/advisories/GHSA-rfm2-f94j-qhjp
Blast Radius: 2.3
Affected Packages
pypi:storlets
Dependent packages: 0Dependent repositories: 2
Downloads: 2,703 last month
Affected Version Ranges: < 13.0.0.0rc1
Fixed in: 13.0.0.0rc1
All affected versions:
All unaffected versions: 0.6.0, 0.7.0, 1.0.0, 2.0.0, 3.0.0, 4.0.0, 5.0.0, 6.0.0, 7.0.0, 8.0.0, 9.0.0, 10.0.0, 11.0.0, 12.0.0, 13.0.0, 14.0.0